Friday, April 28, 2006

Battle email phishing

Phishing:
With the advent of internet to homes, comes a new era of predators who resort to drastic measures to capture others' personal information (eg: SSNs, Name address etc) or banking/financial information (eg: bank account, routing numbers, credit card numbers, paypal login-password). This led to the term Phishing. Some users trust internet too much, giving away their information, as the webpage they are viewing looks legitimate. Phishers (http://en.wikipedia.org/wiki/Phishing) often clone a legitimate website & somehow divert -normally thru the use of email/IM- an unsuspecting user to their site, & do the serverside magic of grabbing account information.

Section 1:
Tips
Some tips about reading your emails (Yes let me start with something damn basic). Some of you may know these.....
  • Do not open any email which contains Free in its subject line.
    They are just spam emails trying to allure you to open their email. They may contain scripts which can communicate back to the advertiser (or the malicious script kid) who sent you that email. Wondering what the communication could be??? Just your email & if they have it, your name & address.
  • Do not believe in those 'send this email to 10 users in the next 10 minutes to get good luck' emails. Those are all just BS!
  • If you get any lottery winning email with funny sounding names & asking you to contact another manager/trustee, congratulate yourself, for NOT believing in it. These are so-called 401 scams, famous to be orginiting from Nigeria. Delete it! Just try & google that name & GAAASP how many others are also the 'exclusive winners' around the world.





















  • Same as lottery winning, any trustee/widow/president's wife who was overthrown in a coup try to email you, you guessed it right, Delete it.
  • If you shared your email with dating sites or chat sites, chances are you will get 'Hey sweety, I am chatting on my friend's computer, my email is somebitchbot@crap.com, contact me for pics'. Dont believe in those too, those are just some mail bots sending invitemails to millions of singles worldwide, forget it!

Section 2: How to know the origin(the approx geographic location) of an email message?

This would be very easy if you have a Yahoo Inbox, or are accessing your email in MS Outlook.

If you are using yahoo inbox, scroll down (way down) to the email message you will see full headers.




Click on 'Ful Headers' to read the descriptions of that email.

Now you would see something like this (YMMV) & copy/note the X-Originating-IP





Finally goto http://www.dslreports.com/whois & paste that IP.



Voila! You can get an approximate geographic location of the origin of the PC.




What can you do from then on??? You can verify the emails whoever sent you, even though they look like genuine emails (eg: Paypal, bank Phishing emails)
Report to the abuse email found (on the above page) & to the email provider as well.



Disclaimer: Dont sue me for deleting your real lottery winning emails, or date with a cute chic. These are just to combat spam & scam emails.





1 Comments:

At August 23, 2006 3:12 PM, Anonymous Anonymous said...

nice article

 

Post a Comment

<< Home